On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
> Pascal Hambourg put forth on 2/21/2011 3:51 PM:
> > Stan Hoeppner wrote:
> >>
> >> You only need one
> >> NIC in your firewall box when using a switch. You simply plug
> >> everything into the switch including the DSL modem and the Netgear.
> >> Bind both the public and private IP addresses to the same NIC in the
> >> firewall using a virtual NIC: i.e. eth0 and eth0:1.
> >
> > This is a wrong idea because the firewall can be by-passed, leaving a
> > hole in the LAN security.
>
> Would you mind explaining why you believe this?

Well, if you fill up a switch's ARP cache, it starts acting like a hub. At that point data goes everywhere. Supposedly, there is also a way to 'pivot' past a NAT device - I haven't looked into this, so I can't speak to this much...
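To make the topology argument in the quoted exchange concrete, here is an added example (not code from any participant in this thread) that models the flat single-switch layout against a VLAN-separated one on the same single NIC, and reports which LAN hosts can reach the DSL modem without the firewall ever being in the path. The device names, VLAN ids and the eth0.10/eth0.20 subinterface names are assumptions made for the model; the eth0/eth0:1 aliasing from the quoted message is kept as-is to show that an IP alias does not create a second layer-2 segment.

```python
"""Layer-2 reachability model for the two firewall topologies (added example).

Every device is attached to a switch port, and each port is a member of one
or more VLANs (a plain access port has exactly one; a tagged trunk carries
several). Two devices can exchange frames with no router in between when
their ports share a VLAN. A firewall only protects a LAN host from the modem
side when the host and the modem share no VLAN and the firewall is present
in both. All names and VLAN numbers below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Switch:
    # port/device name -> set of VLAN ids that port is a member of
    ports: dict[str, frozenset[int]] = field(default_factory=dict)

    def l2_adjacent(self, a: str, b: str) -> bool:
        """True if a and b can talk directly at layer 2 (share a VLAN)."""
        return bool(self.ports[a] & self.ports[b])


def firewall_bypassable(switch: Switch, lan_hosts: list[str], modem: str) -> list[str]:
    """LAN hosts that sit in the same broadcast domain as the modem.

    Traffic between such a host and the modem never has to pass through the
    firewall, so the firewall's rule set does not protect that host.
    """
    return [h for h in lan_hosts if switch.l2_adjacent(h, modem)]


def firewall_mediates(switch: Switch, host: str, modem: str, firewall: str) -> bool:
    """True if every frame between host and modem must cross the firewall:
    the two are not L2-adjacent, but the firewall is adjacent to both."""
    return (
        not switch.l2_adjacent(host, modem)
        and switch.l2_adjacent(host, firewall)
        and switch.l2_adjacent(firewall, modem)
    )


def flat_topology() -> Switch:
    """The layout proposed in the quoted message: one NIC carrying eth0 and
    the eth0:1 alias, everything plugged into one switch, a single VLAN.
    The alias adds a second IP address but not a second L2 segment."""
    one = frozenset({1})
    return Switch(ports={
        "dsl-modem": one,
        "firewall": one,      # eth0 (public IP) and eth0:1 (private IP), same port
        "netgear": one,
        "pc1": one,
        "pc2": one,
    })


def vlan_topology() -> Switch:
    """Same single NIC and switch, but the modem is on an access port in
    VLAN 10, the LAN on access ports in VLAN 20, and the firewall's port is a
    tagged trunk (assumed subinterfaces eth0.10 and eth0.20) in both."""
    public, private = frozenset({10}), frozenset({20})
    return Switch(ports={
        "dsl-modem": public,
        "firewall": public | private,   # the only device present in both VLANs
        "netgear": private,
        "pc1": private,
        "pc2": private,
    })


if __name__ == "__main__":
    lan = ["netgear", "pc1", "pc2"]
    for name, topo in (("flat eth0/eth0:1", flat_topology()), ("VLAN 10/20", vlan_topology())):
        exposed = firewall_bypassable(topo, lan, "dsl-modem")
        mediated = all(firewall_mediates(topo, h, "dsl-modem", "firewall") for h in lan)
        print(f"{name}: hosts reachable from modem without firewall = {exposed}; "
              f"firewall in every path = {mediated}")
```

The VLAN variant is the fix for the "one NIC with a switch" design rather than a rejection of it: the hardware is unchanged, but the modem and the LAN no longer share a broadcast domain, so the firewall is the only device present in both and its rules actually apply. The model deliberately says nothing about the switch-table exhaustion point raised in the reply; that is a failure of the switch itself and is a separate concern from the addressing layout.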